Security Analysis of Three Password Authentication Schemes
Kyung-Ah Shim (National Institute for Mathematical Sciences, Korea)
Abstract: In this paper, we show that a verifier-based password authentication scheme and two remote user authentication schemes are insecure against several active attacks. These results demonstrate that no more password authentication schemes should be constructed with such ad-hoc methods, i.e, the formal design methodology using provable security should be employed.
Keywords: password-based authentication, remote user authentication, server-compromise attack, smart card, verifier-based password authentication
Categories: D.4.6, E.3